New HIPAA Audits Become Reality as Feds Launch Phase 2

With its long-awaited Phase 2 audits, the Health and Human Services Department’s Office for Civil Rights (OCR) moved forward with ensuring compliance with federal privacy laws. The first phase, which launched in 2012, involved an OCR assessment of 115 covered entities. This second phase of audits was announced in March 2016. During Phase 2, the policies and procedures that covered entities and their business associates currently have in place will be evaluated for compliance with the requirements and regulations of the Health Insurance Portability and Accountability Act, better known as HIPAA.

A Multi-Step Process

Phase 2 will encompass several different steps. The first step involves the verification of an entity’s contact information and address. OCR is sending emails to covered entities and their business associates, urging them to provide this information. Entities that do not comply with this request could still be subjected to an audit. OCR reminded these firms to be diligent about checking their spam folders and to update any filters that might stop emails from the agency.

Step Two of Phase 2

Step two of Phase 2 of this process will involve OCR sending covered entities a screening questionnaire that asks for more detailed information. Once this information is received, the agency expects to create audit pools that represent a broad range of covered entities, such as health plans, health care providers and other categories. From these audit pools, random entities will be chosen for the auditing process.

Two Kinds of Audits

The audits expected to be performed during Phase 2 include both on-site audits and desk audits. OCR issued details about the audit timelines on its website. At this writing, the agency expects to complete all desk audits by December 2016. OCR has not divulged the number of audits it aims to complete overall during Phase 2. The agency will use the information to develop audit reports that are designed to improve compliance and reduce the number of breaches within the system.

Ensuring that your business is HIPAA compliant is vital to its success. Partnering with a reliable IT support firm in New Jersey will protect your small business against potential issues. Give eMDTec a call at (800) 979-2879 or drop us an email at info@emdtec.com.